VLAN and 2 Wireless Radio Interface Problem

We have a problem, help would be appreciated:
We have the following:
MT Router with 2 WLAN Atheros Interfaces and 1 Ethernet Interface (on which VLAN1 and VLAN2 are configured).
Connectivity is as follows:
Cisco with VLAN1 and VLAN2 connected to MT Router. Slave MT Radios are connected to each wireless interface of the MAIN MT Router. Host at Slave 1 can ping VLAN1 and Slave 2 can ping VLAN2. This is all fine. But the problem is that SLAVE1 can also ping and reach Slave 2. Since the Slaves are on different WLAN interfaces, we cannot even use unchecking of the DEFAULT FORWARD feature.
So how do we prevent exchange of traffic between the slaves on different WLAN interfaces, so that exchange only takes place through the CISCO ROUTER, which is connected to the MT router over VLAN? We want that SLAVE 1 can only access VLAN1 and Slave 2 can only access VLAN2.
HELP!

So you have IP routing configured on VLAN interfaces on the Cisco router? Then you can
just use access-lists on the Cisco to restrict traffic between both VLAN interfaces (or more
advanced stateful firewall features, if your IOS version supports it).

–Tom

The problem is not the Cisco. When Slave 1 tries to ping Slave 2, it does not even need to reach the Cisco; it just goes through the master MT, which is not wanted. So how do we prevent slaves of each wireless interface from being able to reach slaves of the other wireless interface?

Can you show us a picture / network plan of your setup and post the config of the MT and the Cisco router?
There are a lot of details missing from your description.

–Tom

I think what the person is trying to do is something like turning off “Default Forwarding” for a wireless interface, except between TWO wireless interfaces.

I was pretty sure a VLAN could do that, but am unsure what that would look like if the interfaces were bridged.

That’s what I think, yeah, and VLANs should in fact be fine to solve this, but as of now we still don’t know if he has (mistakenly) bridged both VLANs together, or if he has implemented Layer 3 interfaces on top of those VLANs on the MT router and both directly connected IP networks get routed to each other, etc.
That’s why I was asking for a more complete picture and some configuration, because then the guessing would end and all this would be clear…

–Tom

The network is like this:
Cisco VLAN1 ---- VLAN1 of MT Master (meant for Slave 1)
VLAN2------VLAN2 of MT Master (meant for Slave 2)

WLAN1 of Master is connected to SLAVE 1, which is terminated to Network 1.1.1.0/24 on ethernet

WLAN2 of Master is connected to SLAVE 2, which is terminated to Network 2.2.2.0/24 on ethernet

Master has Routes for 1.1.1.0/24 network to Slave 1 and 2.2.2.0/24 to Slave 2. So if we ping 1.1.1.0/24 network from Slave 2 then it just goes to the master and master routes it to Slave 1. We want that MASTER doesn’t route it and sends it to VLAN2, so that Cisco can control access.
Is there some way of accomplishing this?

Thanks for your help guys!

What interface are you adding the VLANs on?

You might want to try adding two bridges. Add VLAN1 and WLAN1 to one, and VLAN2 and WLAN2 to the other. This should make the Cisco do the routing.

Or you can add firewall rules to the forward chain to keep the two networks from seeing each other.

Hope this helps.

Dan
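
The two options suggested in the post above, written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread; the interface names `wlan1`, `wlan2`, `vlan1`, `vlan2` and the bridge names are assumptions, so substitute the names shown by `/interface print`.

```routeros
# Added illustration. Interface and bridge names are assumed, not from the thread.

# --- Option 1: one bridge per VLAN/WLAN pair --------------------------------
# The master only switches frames inside each pair, so the Cisco becomes
# the only Layer 3 hop between the two sides and its access-lists apply.
/interface bridge
add name=br-vlan1
add name=br-vlan2
/interface bridge port
add bridge=br-vlan1 interface=vlan1
add bridge=br-vlan1 interface=wlan1
add bridge=br-vlan2 interface=vlan2
add bridge=br-vlan2 interface=wlan2

# Assumption: the master currently holds IP addresses on these interfaces and
# routes for 1.1.1.0/24 and 2.2.2.0/24. While it keeps them it will still
# route between the slaves, so review them and move the routing to the Cisco.
/ip address print
/ip route print

# --- Option 2: keep routing on the master, filter the forward chain ---------
# Matching on the interface pair blocks only the direct WLAN-to-WLAN path.
# Packets the Cisco has routed arrive on a VLAN interface and are not matched.
/ip firewall filter
add chain=forward in-interface=wlan1 out-interface=wlan2 action=drop \
    comment="no direct slave1 -> slave2"
add chain=forward in-interface=wlan2 out-interface=wlan1 action=drop \
    comment="no direct slave2 -> slave1"

# Confirm the rules are present and placed before any broad accept rule.
/ip firewall filter print
```

Option 2 drops the direct traffic but does not redirect it: the master's routes for the slave networks still point at the slaves, so inter-slave traffic reaches the Cisco only with Option 1 or with changed routing.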